On Tue, Dec 16, 2014 at 6:29 AM, Dennis E. Hamilton <dennis.hamil...@acm.org> wrote:
> -- Replying to below --
> From: Rob Weir [mailto:r...@robweir.com]
> Sent: Monday, December 15, 2014 06:26
> To: dev@openoffice.apache.org; Dennis Hamilton
> Subject: Re: Deflecting the Attack of the Clones
>
> [ ... ]
>
> My impression is that Firefox does something similar. I think I read
> someplace that their source code distribution lacks the Firefox
> branding. It is more of a "white label" product, functionally the
> same as Firefox, but without the branding.
>
> But still, I don't think that really solves the problems that we face.
> Correct me if I'm wrong, but we're not really seeing someone doing
> their own compile of AOO from source code and using that to spread
> malware, right? We're seeing people take our binaries directly and
> bundle that with installers that spread the malware, or put up
> websites that charge and then point to AOO's binaries directly.
>
> In the end, the real harm here is done to the users. So I wonder
> whether the best we can do is make it easy for them to raise
> complaints with those who can take action, e.g., payment processors
> associated with credit cards or telephone networks, or even consumer
> authorities.
>
> <orcnote>
> I agree that this does nothing about folks charging for a link to the
> AOO download or the more-tolerable convenience CD.
>
> Certainly cultivating consumer awareness is the most important action
> we can take, along with finding some way to deal with the fact that
> SEO is not our friend, particularly on SourceForge (and apparently
> Amazon if they are still providing downloads).
>

The solution is comparatively simple: a strong, well-funded, community-supported marketing "project". A brand is only as good as the marketing behind it and "consumer awareness" is simply a product of good marketing. The end user downloading clones is only aware of the brand under her cursor if the primary brand is not out there for them to see.
>
> However, there are now apparent forks of AOO, such as AndrOpen Office
> (boldly dubbed "AOO" and which seems to confuse some folks even
> though it is described as a fork and as not associated with the
> project).
>
> So, establishing careful provenance (which signing will help) and
> encouraging users to be aware of it and of responsible sources go
> together.
>
> I also agree that assisting users in obtaining redress or at least
> registering complaints is valuable. It is just more externality that
> the perpetrators are subjecting the project to, though.
>
> The advantage of a white box source release is that any counterfeit is
> clearly willful, as opposed to plausibly accidental/careless. I imagine
> that is not much deterrent to the determined.
>
> For some sort of stronger arrangement, it is probably necessary to get
> into various controlled "app" stores. Linux distributions apparently do
> their own builds for inclusion in their supported package libraries,
> so that might be in the "plus" column.
> </orcnote>